Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/064c28e8-7c9d-4020-93d2-8a3f4249ae3a.roa
File:                     064c28e8-7c9d-4020-93d2-8a3f4249ae3a.roa (raw, json)
Hash identifier:          g8AM39fnrt5Dv05mNxchvaEo5sHRlx9BEsse6AW8izM=
Subject key identifier:   3F:A1:32:4C:13:0F:D2:C5:1F:16:08:3D:74:87:6D:82:DE:5F:E5:A8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7B6E7BB968460DD0090ED40F3D1FE469C6D428FC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/064c28e8-7c9d-4020-93d2-8a3f4249ae3a.roa
Signing time:             Mon 06 Oct 2025 15:39:03 +0000
ROA not before:           Mon 06 Oct 2025 15:39:03 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        24.110.12.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:6e:7b:b9:68:46:0d:d0:09:0e:d4:0f:3d:1f:e4:69:c6:d4:28:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct  6 15:39:03 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=7accb661487bd0a22a9088c636416b14e6b11d9b0cfa7ab430b888133c80608b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ac:df:6b:b9:b7:48:d4:15:1a:dd:e3:2b:09:
                    34:b9:0f:0a:5a:b3:87:d6:67:8b:cf:94:3e:e6:fa:
                    a5:16:ff:87:96:da:5b:70:9d:3a:6c:6f:da:6f:2f:
                    69:7b:47:67:33:99:3b:b6:b9:d9:46:5f:7f:67:fb:
                    20:6d:13:10:52:d2:bf:a8:a6:bb:6f:6c:96:43:75:
                    52:09:75:09:51:ca:64:f1:db:58:b7:6a:24:6a:78:
                    44:36:6f:7f:e4:d2:dd:80:06:83:79:1b:88:07:51:
                    31:40:1f:d9:e7:f5:5d:6a:3d:02:6f:93:4e:bc:8f:
                    d1:f1:c7:b8:cb:14:33:de:6b:de:ee:ea:c7:60:c4:
                    c7:51:5f:af:a9:f3:8f:9d:9f:a6:a4:8f:e3:94:00:
                    a7:df:87:b7:51:3d:81:02:a9:95:9c:a9:c0:f7:0c:
                    09:08:28:c1:e2:ca:44:f6:67:2a:39:af:09:31:81:
                    90:3e:cd:c6:17:a9:5f:41:e8:11:c9:33:71:29:da:
                    55:24:5c:07:8f:df:52:b4:52:7e:18:ed:52:ff:95:
                    ae:9e:c4:5f:07:cd:71:95:4c:99:32:d6:1f:ce:74:
                    ae:29:9b:3b:f2:f4:b4:48:fe:2e:12:07:38:7d:d6:
                    94:63:56:4e:ee:f3:46:97:da:9b:b6:3c:44:62:5a:
                    3f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:A1:32:4C:13:0F:D2:C5:1F:16:08:3D:74:87:6D:82:DE:5F:E5:A8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/064c28e8-7c9d-4020-93d2-8a3f4249ae3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  24.110.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d0:f1:a0:32:e3:be:f0:fe:0d:70:18:13:23:65:20:c2:cb:23:
         da:b9:67:a8:c3:52:eb:75:31:91:2e:c1:bf:0d:f5:c8:12:ed:
         d3:9f:7f:0d:09:21:9c:74:47:31:8d:92:f7:ca:f2:3b:2c:fe:
         94:79:b6:db:37:34:88:1b:a7:e7:09:2f:f5:9c:61:aa:3c:a4:
         42:91:48:58:86:4e:0c:6d:ef:5d:29:09:97:fd:80:21:7a:1f:
         3f:a8:2e:da:3d:73:fe:ad:0a:11:5c:78:a4:e4:7a:79:c3:cc:
         2c:af:9c:30:1f:0b:d5:8b:d4:b0:60:05:05:e6:88:6e:75:cc:
         5c:c5:35:7c:e3:e7:a3:55:c6:d5:5d:4f:06:83:fb:5b:81:8d:
         d9:4f:79:04:22:6c:58:ef:b9:3e:fd:f3:4e:9a:bb:14:51:79:
         5f:a2:7b:e3:e7:32:fd:ee:6f:93:6e:a9:d3:31:c1:34:53:39:
         46:3f:ac:1c:79:3e:60:94:39:bb:35:93:b3:de:23:3e:b9:70:
         f7:ee:41:45:40:87:33:c5:a6:01:4b:99:f1:7c:5f:2d:b6:13:
         86:cf:44:99:35:b7:40:a5:a2:d5:eb:71:8c:a8:f9:06:6d:89:
         7b:9e:76:4e:ca:c2:61:0f:5c:71:b4:01:07:b7:55:71:0b:e7:
         dc:2e:e8:4c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe257uWhGDdAJDtQPPR/kacbUKPwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUxMDA2MTUzOTAzWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YWNjYjY2MTQ4N2JkMGEyMmE5MDg4YzYzNjQxNmIxNGU2
YjExZDliMGNmYTdhYjQzMGI4ODgxMzNjODA2MDhiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChrN9rubdI1BUa3eMrCTS5Dwpas4fWZ4vPlD7m+qUW/4eW
2ltwnTpsb9pvL2l7R2czmTu2udlGX39n+yBtExBS0r+oprtvbJZDdVIJdQlRymTx
21i3aiRqeEQ2b3/k0t2ABoN5G4gHUTFAH9nn9V1qPQJvk068j9Hxx7jLFDPea97u
6sdgxMdRX6+p84+dn6akj+OUAKffh7dRPYECqZWcqcD3DAkIKMHiykT2Zyo5rwkx
gZA+zcYXqV9B6BHJM3Ep2lUkXAeP31K0Un4Y7VL/la6exF8HzXGVTJky1h/OdK4p
mzvy9LRI/i4SBzh91pRjVk7u80aX2pu2PERiWj9zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUP6EyTBMP0sUfFgg9dIdtgt5f5agwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA2NGMyOGU4LTdjOWQtNDAyMC05M2QyLThhM2Y0MjQ5YWUzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIYbgwwDQYJKoZIhvcNAQELBQADggEBANDxoDLjvvD+DXAYEyNlIMLLI9q5
Z6jDUut1MZEuwb8N9cgS7dOffw0JIZx0RzGNkvfK8jss/pR5tts3NIgbp+cJL/Wc
Yao8pEKRSFiGTgxt710pCZf9gCF6Hz+oLto9c/6tChFceKTkennDzCyvnDAfC9WL
1LBgBQXmiG51zFzFNXzj56NVxtVdTwaD+1uBjdlPeQQibFjvuT79806auxRReV+i
e+PnMv3ub5NuqdMxwTRTOUY/rBx5PmCUObs1k7PeIz65cPfuQUVAhzPFpgFLmfF8
Xy22E4bPRJk1t0ClotXrcYyo+QZtiXuedk7KwmEPXHG0AQe3VXEL59wu6Ew=
-----END CERTIFICATE-----